[pve-devel] [RFC v6 qemu-server] VM protection mode

Thu Sep 10 18:32:17 CEST 2015

This should do the trick ;-)

On 09/10/2015 06:30 PM, Alen Grizonic wrote:
> v6 changes:
>
> - disk removal prevention -> added unused disk removal prevention
> - protection option removal prevention
> - changed man page message
> - added common check_protection subroutine
> ---
>   PVE/API2/Qemu.pm  | 15 +++++++++++++--
>   PVE/QemuServer.pm |  2 +-
>   2 files changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index fabd490..2d6db1b 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -206,6 +206,14 @@ my $check_vm_modify_config_perm = sub {
>       return 1;
>   };
>   
> +my $check_protection = sub {
> +    my ($vm_conf, $err_msg) = @_;
> +
> +    if ($vm_conf->{protection}) {
> +	die "$err_msg - protection mode enabled\n";
> +    }
> +};
> +
>   __PACKAGE__->register_method({
>       name => 'vmlist',
>       path => '',
> @@ -889,6 +897,7 @@ my $update_vm_api  = sub {
>   		$modified->{$opt} = 1;
>   		$conf = PVE::QemuServer::load_config($vmid); # update/reload
>   		if ($opt =~ m/^unused/) {
> +		    &$check_protection($conf, "can't remove VM $vmid storage");
>   		    $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
>   		    my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
>   		    if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
> @@ -896,11 +905,14 @@ my $update_vm_api  = sub {
>   			PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
>   		    }
>   		} elsif (PVE::QemuServer::valid_drivename($opt)) {
> +		    &$check_protection($conf, "can't remove VM $vmid storage");
>   		    $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
>   		    PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
>   			if defined($conf->{pending}->{$opt});
>   		    PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
>   		    PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
> +		} elsif ($opt eq 'protection') {
> +		    &$check_protection($conf, "can't delete VM $vmid protection option");
>   		} else {
>   		    PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
>   		    PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
> @@ -1144,8 +1156,7 @@ __PACKAGE__->register_method({
>   
>   	my $storecfg = PVE::Storage::config();
>   
> -	die  "can't remove VM $vmid - protection mode enabled\n"
> -	    if $conf->{protection};
> +	&$check_protection($conf, "can't remove VM $vmid");
>   
>   	die "unable to remove VM $vmid - used in HA resources\n"
>   	    if PVE::HA::Config::vm_is_ha_managed($vmid);
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index be4d3d9..009b447 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -387,7 +387,7 @@ EODESCR
>       protection => {
>   	optional => 1,
>   	type => 'boolean',
> -	description => "Sets the protection flag of the VM. This will prevent the remove operation.",
> +	description => "Sets the protection flag of the VM. This will prevent the VM or VM's disk remove operation.",
>   	default => 0,
>       },
>   };